Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations

Batman once said, “you either die a hero or live long enough to see yourself become the villain.“ What if there was a way to become a cyber villain for the greater good? For the last 5 years, the MITRE ATT&CK Evaluations team has been improving the industry by “becoming the villain.“ We study some of the world’s most advanced threat actors, develop a scenario, build malware and tools, then execute the operations against major EDR vendors. And the best part? Not only do we get the business justification of becoming a villain to advance defenders, but our code is also open-sourced. Using a Latin American APT as our real-world villain, this talk will showcase how to merge CTI and red development capabilities for adversary emulation.... By: Cat Self, Kate Esprit Full Abstract and Presentation Materials: #becoming-a-dark-knight-adversary-emulation-demonstration-for-attck-evaluations-33209